Date: Tue, 03 May 94 13:56:12 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#062 Computer Privacy Digest Tue, 03 May 94 Volume 4 : Issue: 062 Today's Topics: Moderator: Leonard P. Levine Ethics and the Law The Great Clipper Debate 5/9/94 Protect Your Diskettes Seeking information Police telecommunications Re: Credit check only with Permission Granted Re: Credit check only with Permission Granted Re: Credit Reports Re: NSA remarks at "Lawyers and the Internet" Re: Phillip Zimmermann's Encryption program anybody?? Re: Military and Law Enforcement Re: SSN: Do Not Give Your Number to Anyone! Re: Long Distance Companies The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: WHMurray@dockmaster.ncsc.mil Date: 1 May 94 14:23 EDT Subject: Ethics and the Law Tony Austin writes (on Privacy): It's ethical because it violates no laws. [Judging from discussions that I have had on the net, on many college campuses anything that is not illegal is permitted. On a few, what is not illegal is mandatory. For example, rude speech is justified in the name of "free speech." Freedom is interpreted as conferring license rather than responsibility.] While this idea has a great deal of currency, it is both false and destructive. Ethics is defined as "the study and philosophy of human conduct, with emphasis on the determination of right and wrong." To equate ethical with legal is to give to the state the right to decide all issues of right and wrong. While most states are more than anxious to arrogate this authority to themselves, few of was would like to live in the world in which they were permitted to do so. Many things are perfectly ethical, moral, and right but are illegal under the laws of many states. Even small children are aware that laws against cohabitation are unethical. Nonetheless, I grew up under such laws, right here in the United States of America. Incidentally, they are still on the books in many of the fifty states. (In Texas and Florida, they are still enforced. (citations available on request)) Likewise, many things that are generally accepted to be unethical, e.g., lying in political discourse, are not only perfectly legal, but in this country are constitutionally and specifically exempted from any legislation on the part of the state. Many states endorse and use torture and imprisonment without trial. Until a little more than a hundred and thirty years ago the law of the United States allowed one man to own another as private property. If we had had to wait for a legislature to fix that, it might be the law yet. I do not know where this idea came from, but it is particularly dangerous and ought to be resisted at every opportunity. Neither the state nor even the law are the appropriate arbiters of right and wrong. While we may have to live with the law, we do not have to accept it as ethical and moral when it is not. William Hugh Murray, Executive Consultant, Information System Security 49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840 1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL ------------------------------ From: Dave Banisar Date: 2 May 1994 18:17:02 +0000 Subject: The Great Clipper Debate 5/9/94 The Great Clipper Debate: National Security or National Surveillance? Sponsored by: The Georgetown University Law Center Space Law Group and Communications Law Forum In Coordination with: The George Washington University Institute for Computer and Telecommunications Systems Policy, the Association for Computing Machinery Special Interest Group for Computers and Society, and the American Bar Association Criminal Justice Section. Date and Time: May 9, 1994, at 7:30 p.m. Place: The Georgetown University Law Center(Moot Court Room) 600 New Jersey Avenue, N.W., Washington, D.C. The Administration, through the Department of Justice and the National Security Agency, has proposed a standard encryption algorithm for both the public and commercial marketplace, with the goal of making this algorithm the method of choice for persons wishing to encode their telephone and other voice and data communications. The FBI and the NSA are concerned that the increasing availability, and affordability, of encryption mechanisms will make it difficult and in some cases impossible for law enforcement and intelligence agencies to tap into and to understand the communications of criminals and other pertinent groups. This proposal has become known as the "Clipper Chip," in that it would be implemented by the voluntary insertion of a computer chip into telephone, fax machine, and other communications systems. The Clipper Chip has generated considerable controversy. Opposing it are various civil libertarian groups, as well as telecommunications companies, software and hardware manufacturers, and trade associations. The debate has raged behind closed doors, and openly in the press. On Monday, May 9, at the Georgetown University Law School, a round table debate will take place on this controversy. The participants represent both sides of the issue, and are illustrative of the various groups which have taken a stand. The participants are: Dorothy Denning, Chairperson of the Computer Science Department of Georgetown University Michael Godwin, Legal Counsel of the Electronic Frontier Foundation; Geoffrey Greiveldinger, Special Counsel to the Narcotic and Dangerous Drug Section of the U.S. Department of Justice; Michael Nelson, of the Office of Science and Technology Policy of the White House; Marc Rotenberg, Director of the Electronic Privacy Information Center; and Stephen Walker, President of Trusted Information Systems, Inc., and a former cryptographer with the National Security Agency In addition, there will be two moderators: Dr. Lance Hoffman, Professor of Electrical Engineering and Computer Science at The George Washington University, and Andrew Grosso, a former federal prosecutor who is now an attorney in private practice in the District of Columbia. The program will last approximately two and one half hours, and will be divided into two parts. The first half will offer the panel the opportunity to respond to questions which have been submitted to the participants beforehand; the second will present the panel with questions from the audience. There is no charge for this program, and members of the public are encouraged to attend. Reservations are requested in advance, and should be directed to one of the following individuals: - C. Dianne Martin, Associate Professor, Department of Electrical Engineering and Computer Science, The George Washington University, Phillips Hall, Room 624-C, Washington, D.C. 20052; telephone: (202) 994-8238; E mail: diannem@seas.gwu.edu - Sherrill Klein, Staff Director, ABA Criminal Justice Section,1800 M Street, N.W., Washington, D.C. 20036; telephone: (202) 331-2624; fax: (202) 331-2220 - Francis L. Young, Young & Jatlow, 2300 N Street, N.W., Suite 600, Washington, D.C. 20037; telephone: (202) 663-9080; fax: (202) 331-8001 Questions for the panelists should be submitted, in writing, to one of the moderators: - Lance Hoffman, Professor, Department of Electrical Engineering and Computer Science, The George Washington University, Washington, D.C. 20052; fax: (202) 994-0227; E mail: ictsp@seas.gwu.edu - Andrew Grosso, 2300 N Street, N.W., Suite 600, Washington, D.C., 20037; fax: (202) 663-9042; E mail: agrosso@acm.org ------------------------------ From: glr@rci.ripco.com (Glen Roberts) Date: 3 May 1994 01:39:14 GMT Subject: Protect Your Diskettes Organization: RCI, Chicago, IL There may be a danger lurking in your diskettes, more sinister than a virus; a deceptive diskette. Take a "blank" diskette and copy a file to it for an associate or customer. Little do you know that there might be hidden data on that "blank" diskette. Data with your personal or trade secrets. Who ever gets the disk gets those secrets. Now you can protect yourself. The "SAFE" utility examines a diskette and informs you whether there is any data hiding on the disk. Either you get a clean bill of health, or are warned not to send out the diskette. It also lets you view the hidden data (which may or may not make sense, ie: text files will be readable, but databases may look like trash). Not only can you protect yourself, but you can keep an eye on what secrets others are unknowningly passing on to you. Examine every disk you send out, or receive, you could be amazed at the results. SAFE is designed to run on DOS type computers (SAFE.COM is 5120 bytes). Quick and small. SAFE is available at: ftp.ripco.com:/pub/msdos/disk/safe.zip -- Glen L. Roberts, author, How To Spy On Anyone Without Getting Caught Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central) Box 734, Antioch, Illinois 60002 Fax: (708) 838-0316 Surveillance Hotline: (708) 356-9646 Bust the Bureaucrats: (708) 356-6726 ------------------------------ From: David Johnson Date: May 02 18:15:27 1994 Subject: Seeking information I am trying to locate any mailing lists or newsgroups that deal with espionage. Can anyone assist me in finding anything relevant? Please contact me directly via e-mail at worldwid@uunet.uu.net Thank you in advance for your assistance. -- David Johnson 2421 W. Pratt Boulevard, Suite 971 President, Worldwide Consultants Chicago, Illinois 60645 Editor, Information Gatherer Newsletter U.S.A. International Investigator Tel: (800) 316-0801 (24 hrs.) Security Consultant Fax (c/o World-Con): (908) 542-1266 Privacy Strategist E-mail: worldwid@uunet.uu.net [moderator: Perhaps this would be a good beginning of a thread for discussion on this group. Post here, rather than, or in addition to contacting Mr. Johnson by email.] ------------------------------ From: herronj@MAIL.FWS.GOV Date: 03 May 94 07:30:13 MST Subject: Police telecommunications I too am not worried about police getting better telecommunications equipment. Nor am I worried about the better finger printing equipment. What I am worried about is the police use of telecommunications _monitoring_ equipment and how they use finger print databases. The police are known to regularly monitor cordless and cellular phone converstations without a warrant and with very little justification. A friend of mine has a scanner and tells me that 3 of his 5 neighbors with cordless phones have mentioned smoking marijuana (upper middle class neighborhood). The police also know that half the American public is doing something illegal and figure they can get good tips this way. Finger print information is a very good police tool if used properly. My fear is that with more and more states requiring finger printing for a drivers license is that soon we will all be finger printed. It would then be a small step for commercial enterprises to scan these finger prints as identification for check cashing etc. And like in the current "drug war" police pay snitches to turn people in. What worries me the most is the conversion of military technologies to police use. A company is working on a system of audio monitors that can monitor a city for 'suspicious' "noises such as gunfire", pin point the location, and notify police. What they don't tell you is that this 'pin pointing' can also pick out regular converstations that occur on the street (depending on the number and location of the monitors). Scary stuff. ------------------------------ From: rivaud@coyote.rain.org (L. E. de Rivaud) Date: 1 May 1994 10:45:48 -0700 Subject: Re: Credit check only with Permission Granted Organization: wherever.com Don Whiteside (59326796Z@servax.fiu.edu) wrote: Which just goes to show the effectiveness of this ploy - I paid cash. But did you show them your licence? ------------------------------ From: poivre@netcom.com (Poivre) Date: 3 May 1994 02:08:17 GMT Subject: Re: Credit check only with Permission Granted Organization: NETCOM On-line Communication Services (408 241-9760 guest) Don Whiteside (59326796Z@servax.fiu.edu) wrote: Pretty much every auto dealership does this. Think back to the last time you went car shopping. The second you expressed an interest in a test drive, they ask you for your driver's license. Then they dissapear for about 5 minutes (the more suave amoung them send somebody else) and get your credit report. Years ago, my father and I experimented with this by handing them his license sometimes and mine other times. He having a much longer credit history.... Without fail, the eagerness of the salespeople rose signifigantly when we used his license. Is it possible NOT to give them your license?? Also, if my license # is not my SSN, is it possible for them to still check my report?? If i were a rich kid and i could buy a car with cash without loans, leases, etc, would i be able to buy one without a credit check?? -- poivre@netcom.com : #include lychees@marble.bu.edu : ------------------------------ From: austin@netcom.com (Tony Austin) Date: 1 May 1994 18:48:50 GMT Subject: Re: Credit Reports Organization: NETCOM On-line Communication Services (408 241-9760 guest) If you are holding a court judgment in your hand against a person who you want to do a credit check on, would that be considered PERMISSIBLE PURPOSE? The definition of PERMISSIBLE does not mean you have to have permission. It is simply defined as: 1.) adj. That can be permitted; allowable. Perhaps an abstract on: PERMISSIBLE PURPOSE could define this more clearly. -- Tony Austin ------------------------------ From: steve-b@access.digex.net (Steve Brinich) Date: 1 May 1994 21:33:12 -0400 Subject: Re: NSA remarks at "Lawyers and the Internet" Organization: Express Access Online Communications, Greenbelt, MD USA Until I have a Clipper or two to play with, I am going to reserve technical judgement. And when you do have a Clipper or two to play with, what kind of "technical judgment" are you going to make? The chips are designed to resist reverse engineering. -- Steve Brinich | If the government wants us to respect the law, | | it should set a better example. | PGPrint (finger for key) BB 5E 1E 3D D4 72 52 3A F8 9C 00 00 41 0D 65 65 ------------------------------ From: news@cbnewsh.att.com Date: 2 May 94 04:19:31 GMT Subject: Re: Phillip Zimmermann's Encryption program anybody?? Organization: AT&T Global Information Solutions, NCR's new name Several people have written: I recently read an article in the Wall street journal about an encryption program that is used by emailers on the internet called PGP "Pretty Good Privacy". I figured this would be a good place to start looking for information about computer privacy...Can anyone tell me of an FTP site where I can get a copy? (for personal use). PGP is available on a number of ftp sites. Some of them are soda.berkeley.edu (soon to be renamed ftp.csua.berkeley.edu) ftp.funet.fi (in Finland, so you non-US residents can get it legally) garbo.uwasa.fi You can also find out where many things are archived for ftp by using archie. Telnet to an archie server, log in as archie, no password, and type help to get help. It's easy to ask it for a list of ftp sites with the material you're looking for; you may want to turn on paging options because popular programs are archived in many sites. There are also fancier front-end clients that will make your searching more convenient. Some popular archie servers are archie.ans.net, ds.internic.net, archie.rutgers.edu, archie.sura.net. Most archie servers are busy at the time of day you're calling them, but they'll give you a list of other archie servers around the world, so of which will not be busy :-) -- # Bill Stewart AT&T Global Information Solutions (new name for NCR!) # 6870 Koll Center Pkwy, Pleasanton CA 94566 1-510-484-6204 fax-6399 # Email: bill.stewart@pleasantonca.ncr.com billstewart@attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 ------------------------------ From: tabrown@gis1dilurb.er.usgs.gov (tim brown) Date: 2 May 1994 16:27:04 GMT Subject: Re: Military and Law Enforcement Organization: other "John A. Thomas" writes: L.L. Lipshitz expresses concern about the "gradual incursion of military technology and personnel into the civilian domain." I certainly agree that the use of the military for civilian law enforcement is a dangerous practice. I do not agree that such a threat now exists. I certainly agree we should oppose efforts to involve the military in law enforcement, but I don't see any subtantial attempt to do so, least of all from the professional military itself. Unfortunately you are not looking in the right places. The Spring 1994 issue of ARMY RESERVE MAGAZINE has two interesting articles. One article deals with M.O.U.T. (military operations in urban terrain), then a bit later a second article talks about an omnibus piece of legislation to appropriate funds to the Army Reserve, so that it can perform duties similar to the National Guard, i.e., domestic "peacekeeping." I find this _very_ frightening. And, this comes from the "professional military itself." This said, I think the real threat to civil liberties comes from the ever-increasing power of the existing law-enforcement system. The Army or the NSA have no power to make arrests, issue subpoenas, convene grand juries, or bring prosecutions. But the FBI and DEA do. This is why the Digital Telephony proposal is much more threatening than the key-escrow scheme (Clipper), bad as it is. The Army has no power to make arrests? Maybe not, YET. On the subject of key escrow encryption (Clipper), who do you think will be performing the wire taps? It will be the FBI, BATF, DEA, Dept. of Treasury, Dept. of Justice, etc., not the NSA. The real threat (to liberty) is from "federalizing" the law-enforcement system, in combination with the increase in power. When the local police are more accountable to Washington D.C. than to the local mayor and the local citizens, "Lord Have Mercy On Us All." -- Timothy A. Brown Civil Engineer - Urbana, IL tabrown@srv1dilurb.er.usgs.gov ------------------------------ From: merlyn@ora.com (Randal L. Schwartz) Date: 02 May 1994 21:40:36 GMT Subject: Re: SSN: Do Not Give Your Number to Anyone! Organization: Stonehenge Consulting Services; Portland, Oregon, USA Dave writes: on another note, I had an idea when asked by a business ( non government, not required) for my SSN, I would ask them for their company's tax ID number, for they would never divulge their tax ID number ( dumb if they did), I would explain that the SSN is my tax number and I can't divulge it either. I haven't had the opportunity to try this, but I eagerly await the chance to do this. I've *never* had a problem getting a business to divulge a Tax ID number. It's a common request, and may (I dunno) be even part of the public corporate filings. Just another business owner, -- Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095 Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying Email: Snail/FAX: (Call) aka: Phrase: "Welcome to Portland, Oregon ... home of the California Raisins!" ------------------------------ From: poivre@netcom.com (Poivre) Date: 3 May 1994 02:24:54 GMT Subject: Re: Long Distance Companies Organization: NETCOM On-line Communication Services (408 241-9760 guest) Eric Kessner (dom@hermes.dna.mci.com) wrote: Rob Goldberg writes: I recently ordered a second phone line to my home and the operator asked if I wanted my social security number to be released to whatever long distance company I happened to use. I told her to forget it. I was wondering: what possible reason would these long distance companies need this information for? NYNEX didn't require me to give them my SSN. When i asked them why they wanted it, they didnt say it was for credit checks, they said it was for security so that other people cant mess with my service by impostering me. After all, who would know my SSN?????????? Additionally, i also applied for AT&T long distance for my phone line and AT&T didnt ask for my SSN. Also, i dont think AT&T thinks they can get it from your local phone company so they wont bother asking the customer. If they did that, NYNEX would have called me about it. Kudos to NYNEX :) -- poivre@netcom.com : #include lychees@marble.bu.edu : ------------------------------ End of Computer Privacy Digest V4 #062 ****************************** .